中文版本

Firmware Version: V1.0.1.64PRRU

Open your browser and open http://<your router IP>/BRS_02_genieHelp.html

Select one of the Radio buttons, and you will bypass the router authentication.

Edit your config freely in case you forgot your password and you even don't need to press the RESET button.

However, it's more like a bug not a backdoor. Who will write an user-friendly GUI for a backdoor? :)

There is also a injection vulnerability.

Open http://<your router IP>/ping6_traceroute6_hidden_info.htm and enter `reboot` in the box called ping6 to, you can successfully reboot your router. This page requires authentication in V1.0.1.64PRRU. But in previous version of firmware, this page doesn't need authentication so crackers can use this page to obtain root privilege of your router.

You can get update from ftp://downloads.netgear.com/pub/netgear/updates/ and ftp://download.netgear.com.cn:8084 to fix problems mentioned above.

Reference: Complete, Persistent Compromise of Netgear Wireless Routers